As the mainframe continues to extend support for
consolidated workloads on System z, enterprises should strongly consider
utilizing the mainframe as their enterprise data and security hub. Mainframes are uniquely able to protect
information with a rich collection of encryption capabilities that includes
self-encrypting tape and disk storage for data at rest, in addition to robust
access controls, file level encryption, database encryption, and communication
encryption protocols. Now with the mainframe’s ability to support virtual
workloads, organizations can create cloud environments with protected data
available for shared innovative collaborative ventures.

Encryption is the ultimate solution for protecting sensitive
data. But many practitioners are reluctant to utilize encryption due to
concerns of performance overhead, disruption to their operations and changes
required in their applications, and encryption key management complexity. But
the biggest fear of all is losing all access to encrypted data if the
encryption key is ever lost or forgotten.

In most cases, organizations have less and less choice over
when and how to encrypt information as more and more industries and governments
enact legislation and standards that mandate the use of encryption.

Personal
financial information must be protected as regulated by SOX, GLBA, etc.

Breach
notification regulations include 45 US
states, national laws protecting
their citizens data such as in Italy, the recent rules
changes for the EU Directive on Privacy and Electronic Communications,
etc.

So a superior encryption key lifecycle management solution
is essential in order to implement the best end-to-end security which protects
enterprise mission critical data and sensitive personal information.This solution should include standards based
key management and help:

Centralize and automate encryption key management process

Work with hardware based encryption built into a
variety of IT components like self encrypting tape and disk drive

Reduce the number of encryption keys to be
managed through techniques like key wrapping of unique keys per device

Simplify encryption key management with an
intuitive user interface for configuration and management

Maintain performance by using hardware
acceleration and not slowing down data access paths

Facilitate compliance management of regulatory
standards with proof of encryption for safe harbor from disclosure requirements

Leverage open standards like the OASIS standard
Key Management Interoperability Protocol (KMIP) to give the choice of best of
breed components and facilitate vendor interoperability

Operate transparently without requiring code
modification

IBM Security Key Lifecycle Manager for z/OS allows enterprises to fully exploit the security strengths of their mainframes to act as both an enterprise data hub and an enterprise security hub for the consolidated workloads that run on the newest System z platforms.